Hello all! Having worked for a while with various computer systems, primarily Active Directory and Exchange, I wanted to share some of my experiences with two objectives in mind: 1) obtain feedback to improve my mastery of those systems and 2) help others working on the same subject. Other posts are about CentOS, Citrix NetScaler, and VMware.
NOTE: most of my posts are in English but some others in French, with a summary in English. However, some of the CentOS blog posts lack this summary.

Tuesday, April 19, 2016

NetScaler VPX - load balance Exchange - Part 5 (monitors)

The NetScaler VPX has numerous built-in "monitors" that check the state of the servers for which we are load balancing.

For example, there is a "ping-default" monitor and a "tcp-default" monitor (among many others not shown in the screenshot below):

If we highlight a monitor and select the Action "Show Bindings", we can see the services to which the monitor is bound:

By default (unless we designate another monitor), the RPC services use the "ping-default" monitor to check the status of the Exchange servers:

On the other hand, the OWA services use "tcp-default".Note: this is shown in a screenshot below.

If we examine the properties of a service (or service group) we can also determine the monitor that is being used from this perspective:

These default monitors check the availability of a server: if the server does not respond to a ping (for example), the load balancer will not send packets (in the broadest use of this term) to the server that appears to be unavailable. However, it is possible that the server is available (functional) but the actual services are stopped. Therefore, we can optionally configure a monitor if we want to fine-tune the awareness of service availability).

Note: in the paragraph above, the word service refers to the Windows services running on the server (or the Unix/Linux equivalent) as opposed to the "services" (or "service groups") that we create on the NetScaler.

The NetScaler VPX has a number of pre-configured monitors capable of checking the status of a particular service. For OWA (SSL) we have the following possibilities:

http

https

http-ecv

https-ecv

Note: we can also create custom monitors.

With http, the NetScaler sends a http request ("GET" for example) to the target server and waits for a http status code in response ("200" for example).

In the properties of the http monitor, the property for "Secure" is unchecked:

This seems to be incompatible with a target server requiring SSL connections, which would be the case if we use SSL pass-through or a SSL Bridge.

When I tested this for OWA, I obtained the following result:

However, if I use the "https" monitor (with "Secure" checked in the monitor properties), I obtain this result:

As for the other options (with the ecv suffix), they request a particular html page (for example) from the target server and search for a particular message in the response. In other words, the request contains a particular string and the response must contain a particular string as well.